Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-29 | CVE-2024-6551 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. | 5.3 |
| 2024-08-29 | CVE-2024-7606 | Cross-site Scripting vulnerability in Etoilewebdesign Front END Users The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-08-29 | CVE-2024-7895 | Cross-site Scripting vulnerability in Wpbeaveraddons Powerpack Lite for Beaver Builder The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-08-29 | CVE-2024-41918 | Missing Authorization vulnerability in Rakuten Ichiba 'Rakuten Ichiba App' for Android 12.4.0 and earlier and 'Rakuten Ichiba App' for iOS 11.7.0 and earlier are vulnerable to improper authorization in handler for custom URL scheme. | 6.1 |
| 2024-08-29 | CVE-2024-45232 | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail An issue was discovered in powermail extension through 12.3.5 for TYPO3. | 5.3 |
| 2024-08-29 | CVE-2024-8250 | Out-of-bounds Write vulnerability in Wireshark NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file | 5.5 |
| 2024-08-28 | CVE-2024-45046 | Cross-site Scripting vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 5.4 |
| 2024-08-28 | CVE-2024-45048 | XXE vulnerability in PHPoffice PHPspreadsheet PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. | 6.5 |
| 2024-08-28 | CVE-2024-45057 | Cross-site Scripting vulnerability in Portabilis I-Educar i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. | 6.1 |
| 2024-08-28 | CVE-2024-43805 | Cross-site Scripting vulnerability in Jupyter Jupyterlab and Notebook jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. | 6.1 |